-------- Original Message --------
Subject: Windows XP SP2 Considerations
Date: Thu, 23 Sep 2004 20:32:44 -0400
From: Fred Sabin <fsabin@...>
To: fsabin@..., rfbyrne@...,
jjbeck@..., ldlaich@..., tjkehoe@...,
jaoneill1@..., beckdo@..., talkingterry@...,
smithwks@..., t39qb7@...



To all NJCC Executive Committee Members,

Following are two email articles on Windows XP SP2 from Patrick Crispen's "The
Internet TourBus" newsletter (http://www.netsquirrel.com). You may or may not
agree with his recommendation to wait on installing SP2, but these
considerations may be of interest to you.

Finally, I have attached a third email article from the September 4th "Kim
Komando Show Electronic Newsletter" (http://www.komando.com) on how to
"uninstall" SP2 if it doesn't run properly.

I ordered and received the free Microsoft XP SP2 CD-ROM (from
http://tinyurl.com/6g675), but have NOT personally used it yet nor have I used
any of the following procedures. If you do so, please let us all know what
happened.

NOTE to Rich Byrne: Please feel free to send this to our NJCC membership via
NJCCMAIL listserve if you feel that it is appropriate.


1) Quick Clarification: XP SP2 CD

Last week I said that you should order a copy of Windows XP SP2 on CD-ROM but
not install it until after Halloween. A few people wondered if, considering the
problems a few people have been having upgrading to XP SP2, it would be better
to wait to order the disc until just before you're ready to upgrade. That way
Microsoft would have time to put some new updates on it.

Unfortunately, it doesn't work that way. The XP SP2 CD-ROM is pretty much
etched in stone. Microsoft isn't going to add, delete, or change anything on
that disk for at least six or eight months. So there's no real point in
waiting.

But how are you going to be able to get the patches necessary to ensure that
your computer doesn't become a really loud, expensive door stop when you
upgrade? Well, we'll talk more about this when we get closer to Halloween, but
the upgrade process you're going to follow will be:

1. Run the latest version of your anti-spyware program[s] to make
sure your computer is free of spyware. [NOTE: Also anti-virus
program with current virus definitions update.]

2. Visit your computer manufacturer's web site and download any
patches they recommend. If your computer manufacturer doesn't
have a homepage, you'll need to run the Belarc Advisor to
identify the major components in your computer and then visit
each component manufacturer's web site for the necessary
patches.

3. Install Windows XP SP2 from the CD-ROM.

4. Immediately run Windows Update to get all of the new patches
that aren't on the CD-ROM.

So, get the XP SP2 CD-ROM today but put it away for later.

To order a free copy of XP SP2 on a CD-ROM, just hop on over to either

http://tinyurl.com/6g675

or


http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default.m\
spx

Both addresses take you to the same page, and that last address needs to be on
one line. The English language version of XP SP2 is available today, and
versions written in other languages will be released over the next two weeks.

You can also find free copies of the XP SP2 CD-ROM at many major retailers
including Circuit City, Best Buy, and Office Depot. Maybe. I had to beg the
clerk at my local Circuit City for the disc, and it took him about 15 minutes to
find it somewhere in the back of the store.


2) Microsoft Security Update

Last week I mentioned that Microsoft released a series of patches that
[hopefully] closes a rather nasty security hole in how Microsoft products
process JPEG images. Affected Microsoft products include:

- Windows XP and XP SP1 [but not SP2];

- Internet Explorer 6 SP1;

- Microsoft Office XP [Outlook, Word, Excel, PowerPoint, FrontPage, and/or
Publisher]; and/or

- Microsoft Office 2003 [Outlook, Word, Excel, PowerPoint, FrontPage,
Publisher, InfoPath, and OneNote]

Even more discouraging is the fact that patching this hole is more complicated
than usual in that it involves updating both Windows *AND* Microsoft Office,
something few people know how to do.

I also mentioned in an earlier post that when Microsoft releases any new
security patch an unintended consequence is that the bulletin announcing the
patch also announces that vulnerability to crackers. Crackers count on the fact
that you won't get the patch--your computer will continue to be vulnerable.

Well, our friends at news.com.com [.com] announced yesterday that:

A sample program hit the Internet on Wednesday, showing by
example how malicious coders could compromise Windows computers
by using a flaw in the handling of a widespread graphics format
by Microsoft's software.

Source: http://tinyurl.com/3n5tg

What does this mean in English? Well, Microsoft's JPEG processing vulnerability
is moments away from becoming the next big computer security threat, one from
which your antivirus and firewall may not protect you. Last week's bulletin is
literally this week's exploit.

Fortunately, despite what the media is going to tell you over the next few days,
there's no need to panic. Closing this hole is a snap. You just have to follow
a few, simple steps.

If you have already upgraded your computer to Windows XP Service Pack 2 [XP
SP2], stop reading. The JPEG processing vulnerability patch is built into XP
SP2. Your computer is already protected.

But, if you haven't yet upgraded, DON'T! Not yet anyway. While XP SP2 does fix
Microsoft's JPEG processing vulnerability, it could introduce a whole host of
other problems to your computer that you just don't want to deal with today.
Don't get me wrong, you *NEED* XP SP2. Just not today. My recommendation is to
wait until after Halloween. In fact, some time in early November I'll write a
Tourbus post showing you, step-by-step, how to upgrade to XP SP2 safely and
easily.

For now, let's focus our attention back on Microsoft's JPEG processing
vulnerability. When you try to run Windows Update on a computer that doesn't
yet have XP SP2, the only critical update Microsoft shows you is--you guessed
it--XP SP2. You don't even have the option of getting the patch that closes the
JPEG processing vulnerability.

What you need to do is tell Microsoft to hide their XP SP2 upgrade from your
computer for a while. To do that, just point your web browser to:

http://go.microsoft.com/fwlink/?LinkId=33517

and download Microsoft's free "XP SP2 Blocker Tools." These free tools
temporarily keep Windows Update from automatically installing XP SP2 onto your
computer until April 13, 2005. [I'll show you how to unblock this in an
upcoming Tourbus post.]

Before you can download the XP SP2 Blocker Tools, Microsoft asks you to
voluntarily validate that you are running a licensed, non-stolen copy of
Windows. Click on the continue link in the yellow bar and you are taken to a
page where you are asked to give Microsoft permission to check your license of
Windows. Even if you say no, you'll still be able to download the XP SP2
Blocker Tools.

Once you're past the validation page,

1. Click on the Download link on the right side of the page.

2. When asked if you would like to open or save
[XPSP2BlockerTools.EXE] to your computer click on the Open
button.

3. Click on the Yes button to agree to the [five page, two
thousand word] end user license agreement.

4. When asked to type the location where you want to place the
extracted files, click on the Browse button.

5. Scroll to the top of the list, choose your Desktop, and click
on the OK button.

6. Click on the OK button again to extract the files.

7. Close your web browser and any other open program.

8. On your desktop you will see five new icons. Double-click on
XPSP2Blocker. A window will open telling you that the Action
[was] successfully completed, and the window will
automatically close after 5 seconds.

9. Feel free to delete those five new icons from your desktop.
You won't need them again.

That's it. Windows Update won't try to install XP SP2 onto your computer until
mid-April. And, better still, you can now see the critical updates that
Microsoft has been hiding from you.

Getting the patch.

To get the JPEG processing vulnerability patch:

1. Run Windows Update by going to Tools > Windows Update in
Internet Explorer. Click on "Scan for updates." Then just
install ALL of the critical updates available for your
computer by clicking "Review and install critical updates."
You may need to restart after you install the critical updates,
and remember to always rerun Windows Update until it tells you
to go away.

Most people will stop here, thinking they have successfully
protected their computers from this new JPEG processing
vulnerability. And most people will be wrong. You still have
two more steps to go.

2. Run Office Update by going to:

http://officeupdate.microsoft.com/ and clicking on "Check for updates."

Since the JPEG processing vulnerability is in both
Windows *and* Office, and since the older version of Windows
Update doesn't automatically scan Office for updates, the only
way--well, actually, the *easiest* way--to get the latest
critical updates for Microsoft Office is to manually go to:

officeupdate.microsoft.com.

Have your Office installation CD-ROM nearby. Microsoft may
want to "sniff" your disk to make sure you actually own a
licensed copy of Office. But what if you can't find your
Office installation disk? Unfortunately, you're hosed. You
are going to have to borrow a disc from a friend. No disc, no
Office update. And this JPEG processing vulnerability is so
nasty that you NEED to update Office as soon as possible.

3. The third and final step is to, in Internet Explorer, go to:

http://www.microsoft.com/security/bulletins/200409_jpeg.mspx

and click on "Check for Affected Imaging Software." This
scans older versions of Windows to make sure that you don't
have any Microsoft imaging software hiding on your computer
that is also vulnerable to this JPEG processing vulnerability.

Remember, running Windows Update is only one-third of the patch process, and you
may need to hide XP SP2 before you can even do that. Once you have the patch,
you also need to run Office Update and [if you are running an older version of
Windows] have Microsoft scan your imaging programs.


3) MY "KILLER TIP OF THE WEEK" IS JUST FOR YOU!

Q. What should you do if you have installed Service Pack 2 on your computer and
now it won't even boot.

A. Microsoft has a process to restore the computer. It involves use of the
Recovery Console. Listeners have told me that it works, although it sometimes
takes several tries.

If your computer refuses to boot after installation of SP2, put your XP
installation disc in the CD or DVD drive. Start the computer. When prompted,
press a key to boot from the CD

When you are given the choice of starting the Recovery Console, press R. Type
the number that corresponds to your installation of Windows. Press Enter.

At the prompt, enter the Administrator password (if you have one) and press
Enter.

Once in Recovery console, enter these lines. Press Enter after each:

--cd $NtServicePackUninstall$\Spuninst

--batch spuninst.txt

--exit

Remove the XP disc and reboot the computer. Assuming the computer reboots, click
Start>>Run. Enter cmd in the box and press OK. At the command prompt, type the
following commands. Press Enter after each:

--cd %Windir%\$NtServicePackUninstall$\Spuninst

--spuninst.exe

That should uninstall SP2.

Help is also available from Microsoft via the phone or online. The phone number
is 1-888-772-4357. The company warns that hold times can be lengthy.

If you can get online, Microsoft offers a chat option. Or you can send e-mail.
Several people have reported excellent experiences using these methods.
Microsoft is apparently taking these problems seriously.

There is more information at: http://snipurl.com/8phj